Overview: Processes and tools for preventing and monitoring malicious attacks and misuse of APIs.

Overview: Integrating security practices and tools into the Continuous Integration (CI) and Continuous Deployment (CD) pipeline to protect software during the testing, build, and deployment processes.

Overview: Systems to protect web applications or APIs against exploits, bots, and attacks that compromise the security and availability of web applications.

Overview: The continuous process of assessing, improving, and monitoring the security state of software applications.

Overview: A method of testing applications for security vulnerabilities by simulating external attacks on a running application.

Overview: Practices and tools used to ensure that the code and processes used to automate and manage IT infrastructure are secure and free from vulnerabilities.

Overview: The process of assessing and identifying security vulnerabilities in mobile applications.

Overview: Ensuring the use of software within an organization adheres to the terms and conditions outlined in its licensing agreements.

Overview: The process of digitally signing software to verify the author's identity and ensure that the code has not been altered or corrupted since it was signed.

Overview: A comprehensive inventory of all components, libraries, and modules used in an application, detailing their versions, licenses, and dependencies.

Overview: Tools, controls, and processes to protect databases from compromise.

Overview: Identification, collection, and storage of electronic information for investigations and legal requests.

Overview: Infrastructure to establish and manage public key encryption for user identities, device identities, and secure end-to-end communications.

Overview: Processes and tools for creating, storing, and restoring copies of data to protect against data loss.

Overview: The process of scanning data sources to find and classify structured and unstructured data, with a focus on sensitive and/or regulated data.

Overview: Messaging solutions to help employees and partners within an organization communicate securely.

Overview: Firms authorized to conduct independent reviews and certify compliance with regulations and standards.

Overview: Official rules to enforce laws created by governments. Implemented and maintained by authorized government agencies.

Overview: Systems to automate and integrate enterprise, operational, and IT risk management processes and data.

Overview: Written documents and tools for managing rules for individuals accessing an organization's systems and data.

Overview: Materials and products to measure and improve the knowledge and understanding individuals have about cyber threats and the best practices to safeguard against them.

Overview: Documented guidance for policies and controls to systematically manage security and risk.

Overview: Workflows and automation for various functions of a privacy program.

Overview: Tools to help organizations map data flows across the enterprise.

Overview: Information and updates for understanding global privacy laws and regulations.

Overview: Specialty business insurance for protection against cybersecurity-related losses, including data breaches, ransomware, and other incidents.

Overview: Identification, management, and remediation of company-wide risk at an executive level.

Overview: Business practices, workflows, and tools used by online platforms to reduce the risk of users experiencing harm, fraud, abuse, and other negative behaviors.

Overview: Platforms for identifying, tracking, controlling, and managing user access to applications and infrastructure.

Overview: Systems for controlling customer access to applications and managing customer profile information.

Overview: Services that correlate online and offline identifiers with consumer identities to create an accurate view of customers.

Overview: The process of verifying the identity and assessing the legitimacy of businesses, typically for compliance and risk management purposes.

Overview: Verification of identities without the use of traditional passwords, instead relying on methods like biometrics, tokens, or cryptographic keys.

Overview: Assessing, monitoring, and mitigating risks associated with user access and authentication in unmanaged SaaS applications.

Overview: Toos that allow users to reset their passwords independently, typically through a series of authentication steps.

Overview: Decentralized and user-centric identification systems in the blockchain and cryptocurrency space, enabling users to own and control their digital identities without relying on central authorities.

Overview: Services that compile and help verify employment, criminal, financial, and other records for people and organizations.

Overview: Systems for gaining visibility and enforcing access control policies on unstructured data (spreadsheets, documents, PDFs, etc.).

Overview: Systems for administering accounts and credentials, access provisioning, and access reviews.

Overview: Identity stores that allow users to manage and share their digital identity credentials and data.

Overview: Systems for managing privileged (elevated) access for users, shared accounts, secrets, keys, and other high risk credentials.

Overview: Tools to help companies manage permissions and detect excessive or risky access in cloud environments.

Overview: Continuous management, monitoring, policy enforcement, and compliance for cloud environment configurations.

Overview: Measures and practices to protect containerized applications and their underlying infrastructure from threats and vulnerabilities throughout the container lifecycle.

Overview: Security measures designed to detect, block, and prevent unwanted or deceptive emails, such as spam and phishing attempts, from reaching users.

Overview: Encrypting email messages in transit and/or at rest to protect their content from being read by anyone other than the intended recipients.

Overview: Security solutions that monitor and filter incoming and outgoing emails to protect against spam, viruses, phishing attacks, and other email-based threats.

Overview: Tools installed on endpoints to record key activity for monitoring and threat investigations.

Overview: Software to protect endpoints from threats, including malware, ransomware, phishing, and data theft.

Overview: The process of encrypting the data stored on a host, such as a server or a computer, to protect it against unauthorized access and ensure its confidentiality.

Overview: Technology used to secure, monitor, manage, and support mobile devices deployed across mobile operators, service providers, and enterprises.

Overview: Services to throttle and prevent distributed denial of service attack disruptions.

Overview: Network security devices to regulate network traffic based on rules.

Overview: Systems that provide visibility and control of devices accessing a network.

Overview: Tools that provide visibility into encrypted network traffic for monitoring and threat analysis.

Overview: Platforms to help secure and manage use of cloud-based SaaS applications and infrastructure.

Overview: A security approach that evaluates and verifies the trustworthiness of a device based on its attributes and configuration before granting it access.

Overview: Security-focused web browsers and isolation for enterprises.

Overview: A networking approach that uses software to control, optimize, and secure traffic routing across wide area networks.

Overview: Products that broker access to applications and network resources based on identity and context.

Overview: Automated data collection and analysis across multi-cloud environments for cloud incident investigations.

Overview: Tracking and analysis of data on networks, mobile devices, computers, and storage devices for cybercrime investigations.

Overview: Collection of publicly available data and information sources to provide actionable intelligence.

Overview: Decoy data or systems strategically placed within a network to detect and alert on unauthorized access or malicious activity, functioning as an early warning system.

Overview: Systems to monitor and prevent network traffic using recognized security threat profiles.

Overview: Data analytics platforms to proactively monitor and analyze security data.

Overview: Monitoring tools for logging and measuring employee activity and productivity.

Overview: Platforms to visualize, monitor, optimize, troubleshoot, and report on the health and availability of networks.

Overview: A centralized repository that stores large volumes of raw security data from various sources within commercial cloud data platforms, enabling advanced analytics and threat detection.

Overview: Tools to consolidate and correlate log data for identification of security incidents.

Overview: Processes and tools for identifying and managing IT assets and their potential security risks.

Overview: Processes and tools for keeping applications and infrastructure up to date with patches to address bugs and vulnerabilities.

Overview: The continuous process of identifying, cataloging, monitoring, and minimizing exposed and potentially exploitable points in an organization's environment.

Overview: Identifying, analyzing, and securing an organization's publicly exposed systems, services, and data to mitigate risks from external threats.

Overview: Techniques to manipulate people into exposing confidential information, allowing unauthorized access, and other human-exploitable vulnerabilities.

Overview: specialized assistance from external experts to effectively manage and mitigate the impact of cybersecurity incidents to recover and minimize damage.

Overview: Outsourced management and monitoring for basic cybersecurity functions and systems.

Overview: Specialized cybersecurity, privacy, or risk consulting practices within small professional services firms.

Overview: Public platforms for specific cybersecurity services, such as bug bounties.